ASP.NET MVC 4 Tutorial :: Mobile Authentication With ASP.NET MVC 4

ASP.NET MVC 4 Tutorial | In this article, I am going to show you how to build an ASP.NET MVC web app with Two-Factor Authentication using Google Authenticator for preventing brute force attack.

Two-Factor authentication is a great way to help secure user accounts as It authenticates users using two valid authentication factors.

Here in this article, we will first verify user from our database and then will provide an option to the user for verifying using real-time token (generated via Google Authenticator) (not SMS as it’s costly). As I have said, We will use Google Authenticator(it’s completely free of cost) So, The Google Authenticator software must be installed on the user’s smartphone.

Step-2: Add reference of Google.Authenticator from NuGet

Step-3: Add a new ViewModel (class).

Here I have added a new class “LoginModel.cs” in our application.
I have added a folder named “ViewModel” first
Go to Solution Explorer > Right Click on Project Name > Add > New Folder > Rename.
and then added a class “LoginModel.cs” .
Go to Solution Explorer > Right Click on the folder (“ViewModel”)> Add > New Item… > Select class under code > Enter class name > Add.

Step-7: Add an another action (POST method) for verify user credential from database.

Here in this action, we will first verify user provided credential from our database and then if the user is valid, we will generate 2-factor authentication setup code (barcode and manual entry key) for use in Google Authenticator mobile app for setup account.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

[HttpPost]

publicActionResult Login(LoginModel login)

{

stringmessage="";

boolstatus=false;

//check username and password form our database here

//for demo I am going to use Admin as Username and Password1 as Password static value

if(login.Username=="Admin"&&login.Password=="Password1")

{

status=true;// show 2FA form

message="2FA Verification";

Session["Username"]=login.Username;

//2FA Setup

TwoFactorAuthenticator tfa=newTwoFactorAuthenticator();

stringUserUniqueKey=(login.Username+key);//as Its a demo, I have done this way. But you should use any encrypted value here which will be unique value per user.

Step-9: Add view for the action (here view for “MyProfile” action).

1

2

3

4

5

@{

ViewBag.Title="MyProfile";

}

<h2>My Profile</h2>

<h5>@ViewBag.Message</h5>

Step-10: Add an action for verifying 2 factory authentication token.

Here we will verify the authentication token generated by Google Authenticator mobile application and then the user will be redirected to the authorized area of the application (here in “My Profile” page).

HostForLIFE.eu ASP.NET MVC 4 Hosting
HostForLIFE.eu revolutionized hosting with Plesk Control Panel, a Web-based interface that provides customers with 24×7 access to their server and site configuration tools. Plesk completes requests in seconds. It is included free with each hosting account. Renowned for its comprehensive functionality – beyond other hosting control panels – and ease of use, Plesk Control Panel is available only to HostForLIFE’s customers. They offer a highly redundant, carrier-class architecture, designed around the needs of shared hosting customers.

ASPDotNet5Hosting.com is designed to help ASP.NET beginners and experts. The site was founded in 2014 by Simon, Thomas, Elizabeth and Diandra, who are professional ASP.NET geeks. Our experts have been evaluating many hosting companies for many years. The business aims to provide people with better products at cost-effective prices.

ASPDotNet5Hosting.com researches and evaluates the Best, Cheap and Recommended Windows web hosting providers in the world. we've selected the highest performing hosting and compared their services. Our mission is to stay you informed regarding the advantages and disadvantages of the various providers and that we can continually evaluate hosts’ performance based on the reviews you post on our web site.